CLAIMS



What is claimed is: 

[Note: Bracketed bold and italicized cross-referencing text
is provided in the below claims as an aid for readability and for
finding corresponding (but not limiting) support in
the specification. The bracketed text is not intended to add any
limitation whatsoever to the claims and should be deleted in all
legal interpretations of the claims and should also be deleted
from the final published version of the claims.]

1. A machine system [100,900] for protecting access constrained
information from unauthorized access by way of unauthorized users or
unauthorized programs, said machine system comprising:

(a) data-providing means [917,930] for providing data of an identified one
of two or more digital data files [153b,161,954], where each of said files is
identifiable [919] by a file name and where each of said files is retrievable from
either a local storage [912,150] or from an external storage [950];

(b) an interceptable access mechanism [917,934] through which data of 
an identified file of the data-providing means is accessed by identifiable, 
access-requesting programs and/or access-requesting users; 

(c) access-control means [920,925] coupled to intercept [201] data 
access attempts made through said interceptable access mechanism, 

(c.1) wherein the access-control means includes deny/approve means
[212,238,250] for testing the intercepted data access attempts and responsively
denying or approving intelligible or other data access to the data of an
identified subset of said files based on one or more of the identity of an
access-attempting program, the time of the access attempt, the machine or
location from which the access request originates and a user associated with
the access request, and

(c.2) wherein the access-control means includes permissions control
means [925] for responding to permission rules [911,957,158] associated with
respective ones of identifiable subsets of said files; and

(d) localizing means [205,231a] for transparently and temporarily
localizing external files and respective external permission rules of such
external files for use by said access-control means.

2. A machine-implemented method [100,900] for protecting access 
constrained information from unauthorized access by way of unauthorized 
users or unauthorized programs, said machine-implemented method 
comprising: 

(a) in response to a navigation-based request [919], providing [917,930]
data of an identified one of two or more digital data files [153b,161,954], where
each of said files is identified in the navigation-based request [919] by a file
name, file handle [15b], or equivalent and where each of said files is retrievable
from either a local storage [912,150] or from an external storage [950];

(b) intercepting [201] data access attempts made through an
interceptable access mechanism, wherein: 

(b.1) the interceptable access mechanism [917,934] is one 
through which data of an identified file of the data-providing means is 
accessed by identifiable, access-requesting programs and/or access- 
requesting users; 

(b.2) the interceptable access mechanism includes access- 
control means includes deny/approve means [212,238,250] for testing the 
intercepted data access attempts and responsively denying or 
approving intelligible or other data access to the data of an identified 
subset of said files based on one or more of the identity of an access- 
attempting program, the time of the access attempt, the machine or 
location from which the access request originates and a user 
associated with the access request, and 

(b.3) the access-control means includes permissions control 
means [925] for responding to permission rules [911,957,158] associated
with respective ones of identifiable subsets of said files; and said 
method further comprises: 

(c) in response to those of said navigation-based requests which 
request external files, transparently and temporarily localizing [205,231a] 
the external files and the respective external permission rules of such external
files for use by said access-control means.

3. The machine-implemented protecting method of Claim 2
wherein: 

confidential information is kept essentially and consistently in encrypted 
format when the confidential information either resides within a remote file 
server [50] or within easily removable media or when such confidential
information is in-transit along an untrusted (not-secure) communications link 
[30]; 

said confidential information is exposed in plaintext form on an as- 
needed and as-authorized basis, essentially only when said confidential 
information resides within a local client [10,20] that is conveniently viewable by 
one or more authorized users; 

said plaintext exposure is allowed to occur only after an authorized user 
validates his or her authorization to access the information at the local client.



4. A software product [106] having manufactured instructing signals
for instructing an instructable machine [50,20] to carry out a file characterizing
method [Figs.1B,55A] for deciding how to respond
to an access request for accessing data of an identified file, where the file is
identified as primarily residing on a given media [70], the machine-
implemented characterizing method comprising:

(a) first determining [55A] if the identified file is an access-constrained
one, and if not, allowing [207n] unconstrained access to the data of the
identified file;

(b) second determining [55B] if the identified file is one covered by OTF
recryption processing, and if not, allowing [228] recryption-free access to the
data of the identified file;

(c) third determining [55C] if the identified file is one covered by bubble
protection processing, and if not, allowing [213] bubble-free access to the data
of the identified file;

(d) if the identified file is one covered by bubble protection and/or OTF
recryption processing, fetching from the given, primary-residence media of the
file, permission-control signals [55,76] for use by the OTF recryption processing
and/or bubble protection processing in determining whether to respectively
grant decrypted access or any access to the data of the identified file;

(e) if the given, primary-residence media of the identified file is external
to, or easily removable from a protective housing [11] of said instructable
machine, transparently and temporarily localizing within the protective housing,
a copy of the permission-control signals [55,76] and a copy of the identified file;

the transparently and temporarily localized copies of the
identified file and its permission-control signals in responding to local access
requests generated from within the protective housing.



5. The software product [106] of Claim 4 wherein said permission- 
control signals [52a,54a] are digitally-signed [206x] and consistently stored in a 
predefined directory of the primary-residence media of the file. 

6. A machine-implemented method [Figs.1C,2A-C] for responding to
file-opening requests [201,181] submitted to a local machine [81,10] having local
securing means [11,80,150] for physically securing stored data, said method 
comprising: 

(a) first determining [229] if a file that is to-be-opened per a submitted 
request [181] is a resident of a remote or easily-removable media [70] and if so, 
whether such a locally-nonresident and requested file [74] is logically 
associated [77] with access-constraining rules (AC-rules) [76] also stored 
remotely or on easily-removable media; and 

(b) if respective localized versions [84,86] of the requested, locally- 
nonresident, and AC-associated file or of the file's logically-associated AC- 
rules are not already physically secured [81,1-f] within the local securing means 
of the local machine, respectively and securely importing [90,251] copies of the 
locally-nonresident file and/or of the file's locally-nonresident AC-rules into the
local securing means [11,80,150] of the local machine.

7. The machine-implemented method of Claim 6 wherein said
securely importing step includes:

(b.1) conducting a digital signature check [206] on a locally-nonresident
AC-rules copy before allowing such a, being-imported AC-rules copy to be 
deemed as being securely-imported and locally-resident. 

8. The machine-implemented method of Claim 7 wherein said
securely importing step includes:

(b.2) conducting a digital signature check [255,161c] on a locally-
nonresident and AC-associated file copy before allowing such a, being-
imported file copy to be deemed as being securely-imported and locally-
resident.

9. The machine-implemented method of Claim 8 wherein said step
of securely importing a locally-nonresident and AC-associated file copy is
characterized by:

(b.2a) causing the digital signature check to be carried out on a
plaintext version [161d] of the file copy even where the imported file copy is
encrypted.

10. The machine-implemented method of Claim 6 wherein said
securely importing step is characterized by:

(b.1) not transmitting between the remote or easily-removable media
[70] and the local securing means, a plaintext version of confidential information
represented by the locally-nonresident file while said copy of the file is
being securely imported.

11. The machine-implemented method of Claim 6 wherein said
securely importing step is characterized by: 

(b.1) not creating in the local machine, a nonvolatile, plaintext version 
of confidential information represented by the locally-nonresident file while or 
after said copy of the file is securely imported. 

12. The machine-implemented method of Claim 6 wherein said
locally-nonresident and requested file [74] and its logically associated AC-rules 
[76] are consistently stored together on a same removable medium or in a 
same remote machine even as the primary residence of the locally-nonresident 
and requested file migrates from one place [50] to another [50"], and said first 
determining step includes: 

(a.1) looking for the logically-associated AC-rules in a predefined folder
[957] of the primary residence place of the locally-nonresident and requested
file.

13. The machine-implemented method of Claim 6 and further
comprising: 

(c) using the localized copies [159,158] of the requested file and its AC-
rules for carrying out file access operations [15b-15d,182], where said file
access operations can include gaining bubble-protected access [212y] to the
data of the file copy and/or gaining intelligible access [252] to the information
of encrypted data [161b], if any, within the file copy, provided that authorization
to do so is present.

14. The machine-implemented method of Claim 13 and further
comprising:

(d) after local use of the localized copies [159,158] of the requested file
and its AC-rules is complete, deleting [231c,490] the local copies if they had not
been modified, or otherwise de-localizing a modified version of the file copy if
authorized and permitted modification had taken place, where said de-
localizing includes sending [447] the modified version (which may be
appropriately encrypted prior to transmission) back to the remote or easily-
removable media [70] from which the original file was copied from or sending
the modified version to a new place of primary residence [50',50",106].

15. The machine-implemented method of Claim 13 and further
comprising: 



Attorney Docket No.: SYMA1 045MCF/GG 
/s/ggg/syma/1 045.001 



Ver. Tue Aug 21 2001 (12PM) 




(d) during local use of the localized copies [159,158] of the requested
file and its AC-rules, tracking the availability [202-203] of the remote or easily-
removable media [70] that stores the locally-nonresident and requested file [74],
and

(e) if said tracking indicates the remote or easily-removable media is
unavailable [343] or a link to a remote machine containing said remote or
easily-removable media is down [344], refusing [298,498] an access request to
the file even though the localized copy is locally available, said refusal creating
an illusion that the file being used is the external one rather than the localized
copy.
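
The import-and-check sequence of Claims 6 to 8 and the availability refusal of Claim 15, sketched as an added example that is not code from the patent or its assignee. The folder name, rule fields, file and program names, the file signature being carried inside the signed rules, and the use of HMAC-SHA256 in place of a digital signature are all assumptions made here.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

SIGNING_KEY = b"constructed-demo-key"  # assumption: key of whoever signs rules and files
RULES_FOLDER = ".ac_rules"             # assumption: name of the "predefined folder"
NAME = "report.txt"                    # constructed sample file name

def sign(blob: bytes) -> str:
    """HMAC-SHA256 standing in for the digital signature of Claims 7 and 8."""
    return hmac.new(SIGNING_KEY, blob, hashlib.sha256).hexdigest()

def verify(blob: bytes, signature: str) -> bool:
    return hmac.compare_digest(sign(blob), signature)

@dataclass
class Media:
    """Remote or easily-removable media: the file's primary residence."""
    files: dict
    available: bool = True

    def read(self, path: str) -> bytes:
        if not self.available:
            raise ConnectionError("media unavailable")
        return self.files[path]

@dataclass
class LocalStore:
    """Local securing means: nothing lands here before its check passes."""
    rules: dict = field(default_factory=dict)
    copies: dict = field(default_factory=dict)

def secure_import(media: Media, store: LocalStore, name: str) -> None:
    """Claims 6-8: localize AC-rules, then the file, each after a signature check."""
    if name not in store.rules:
        blob = media.read(f"{RULES_FOLDER}/{name}.json")
        sig = media.read(f"{RULES_FOLDER}/{name}.json.sig").decode()
        if not verify(blob, sig):
            raise PermissionError("AC-rules signature check failed")
        store.rules[name] = json.loads(blob)
    if name not in store.copies:
        data = media.read(name)
        # assumption: the file's signature travels inside its signed rules
        if not verify(data, store.rules[name]["file_sig"]):
            raise PermissionError("file signature check failed")
        store.copies[name] = data

def open_file(media: Media, store: LocalStore, name: str, program: str, user: str) -> bytes:
    # Claim 15: refuse while the primary media is gone, even with a local copy
    if not media.available:
        raise PermissionError("primary media unavailable")
    secure_import(media, store, name)
    rules = store.rules[name]
    if program not in rules["programs"] or user not in rules["users"]:
        raise PermissionError("denied by AC-rules")
    return store.copies[name]

def make_media(rules: dict, data: bytes) -> Media:
    """Constructed sample media: one file plus its signed AC-rules."""
    blob = json.dumps(dict(rules, file_sig=sign(data))).encode()
    return Media({NAME: data,
                  f"{RULES_FOLDER}/{NAME}.json": blob,
                  f"{RULES_FOLDER}/{NAME}.json.sig": sign(blob).encode()})

def attempt(media: Media, store: LocalStore, program: str, user: str) -> str:
    try:
        open_file(media, store, NAME, program, user)
        return "granted"
    except PermissionError as exc:
        return f"refused: {exc}"

def run_demo() -> dict:
    rules = {"programs": ["editor.exe"], "users": ["alice"]}
    media, store = make_media(rules, b"quarterly numbers"), LocalStore()
    results = {"authorized": attempt(media, store, "editor.exe", "alice"),
               "wrong_program": attempt(media, store, "mailer.exe", "alice")}
    media.available = False  # media pulled; the localized copy is still on disk
    results["media_removed"] = attempt(media, store, "editor.exe", "alice")
    results["local_copy_present"] = NAME in store.copies
    # Rules edited on the media without re-signing, then opened from a fresh client
    tampered = make_media(rules, b"quarterly numbers")
    path = f"{RULES_FOLDER}/{NAME}.json"
    tampered.files[path] = tampered.files[path].replace(b"editor.exe", b"mailer.exe")
    results["tampered_rules"] = attempt(tampered, LocalStore(), "mailer.exe", "alice")
    return results

if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```
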




16. A files management method [Figs.1A-1C] for managing access-
constrained files [74] and data representing their corresponding access-
constraining rules (AC-rules) [76], said management method comprising:

(a) keeping said access-constrained files [74] and the data of their
respective, logically associated AC-rules [76] consistently stored together on
a same removable medium [70] or in a same remote machine [sow*] even as
the place of primary residence of the access-constrained files migrates from
one place [50] to another [50",106].

17. The files management method [Figs.1A-1C] of Claim 16 and
further comprising:

(b) keeping said logically associated AC-rules [76] consistently stored
in a predefined folder [957,29] of the primary residence place of the 
corresponding access-constrained files. 

18. The files management method [Figs.1A-1C] of Claim 16 and
further comprising:

(b) providing a file-request handler [51] at the primary residence place 
of the corresponding access-constrained files for keeping track [57] of the 
logically associated AC-rules [76] that correspond with specific ones or sets 
[52,54] of the access-constrained files. 

19. A software product [300] having signals defining a file-use record,
where the file-use record is for use in a local machine [81,10] that can respond
to file-opening requests [201,181] submitted to the local machine [81,10], where
the local machine has local securing means [11,80,150] for physically securing 
stored data therein, including localized copies of non-resident files that reside 
primarily on remote or easily-removable media [70] and are subject to access- 
control rules [76], and where the file-use record of said software product 
comprises at least one of: 

(a) a channel status field [344] for indicating whether a communications 
channel to the media of a corresponding, non-resident file is currently operative 
or not; 


(b) a media availability status field [343] for indicating whether the 
media of a corresponding, non-resident file is currently removed or not; 

(c) a media locality field [343] for indicating whether the media of a 
corresponding file is native or a not-permanently-resident one; 

(d) a first section [320] for keeping track of current, access-constraining 
states associated with the locally-native or temporarily localized file; 

(e) a second section [330] for keeping track of current usage by local 
application programs of the locally-native or temporarily localized file that is 
subject to access constraining; and 

(f) a third section [340] for keeping track of the primary residence 
location of the temporarily localized file. 




[Fig.1C] for managing localized access to access-constrained files [954] where
the access-constrained files each have a primary place of residence [950] 
within the network and have corresponding access-constraining rules 
(AC-rules) defined by data [957] stored at the corresponding primary place of 
residence [950] of the respective files, said network system comprising: 

(a) a plurality of file-servers [sow*] and/or storage media units [ni] 
coupled to a network [30,30',930];

(b) at least one client [10,20] coupled to the network for accessing file
data of files stored on the file-servers and/or storage media units, where the at
least one client includes:

(b.1) local securing means [11,80,150] for physically securing
stored data;

(b.2) importing means [19,29] for securely importing [90,251] 
copies of locally-nonresident file and/or of the file's locally-nonresident 
AC-rules into the local securing means [11,80,150] of the client; and 

(b.3) local constraining means [25,25',154,200] for constraining
access to data of locally-resident files and/or of imported local copies 
of said locally-nonresident files in accordance with corresponding 
locally-resident AC-rules and/or imported local copies of said locally- 
nonresident AC-rules. 

21. The network system [900] of Claim 20 wherein the at least one
client includes: 

(b.4) exporting means [92S,92AM*M"f\ for securely exporting the 
data of locally-modified copies of locally-nonresident files to their 
corresponding primary places of residence [950] within the network. 

22. The network system [900] of Claim 21 wherein the at least one
client further includes:

(b.4a) export delay means [442] for keeping track of how many
local application programs, if any, are still reading or trying to further 
modify the locally-modified copies of locally-nonresident files, and for 
delaying [441] said secured export of the data of the locally-modified 
copies even after a currently-modifying, local application program 
finishes [435] using the locally-modified copies. 

23. The network system [900] of Claim 22 wherein said access-
constraining rules include at least one of:

(d.1) OTF recryption rules [220-226];
(d.2) bi-directional Bubble-protection rules [212];
(d.3) uni-directional Bubble-protection rules (e.g., those that allow write- 
only access but not read-only access or vice versa); and 
(d.4) user-ID based access-constraining rules. 

24. The network system [900] of Claim 20 wherein said access-
constraining rules include at least one of:

(d.1) OTF recryption rules [220-226];
(d.2) bi-directional Bubble-protection rules [212];
(d.3) uni-directional Bubble-protection rules (e.g., those that allow write- 
only access but not read-only access or vice versa); and 
(d.4) user-ID based access-constraining rules [238].

25. The network system [900] of Claim 20 wherein said files
management subsystem [Fig.1C] includes:

(c) migration control means for keeping said access-constrained files
[74] and the data of their respective, logically associated AC-rules [76]
consistently stored together on a same removable medium [70] or in a same
server [50',50"] even as the place of primary residence of the access-
constrained files migrates from one place [50] to another [50",106].

26. A client machine [910] for use in a network system [900] having
files defined as access-constrained files [954] where the access-constrained
files each have a primary place of residence [950] within the network and have
corresponding access-constraining rules (AC-rules) defined by data [957]
stored at the corresponding primary place of residence [950] of the respective
files, said client machine comprising:

(a) importing means [19,29] for securely importing [90,251] copies of
locally-nonresident files and/or of the files' locally-nonresident AC-rules from the
network and into the client machine; and

(b) local constraining means [25,25',154,200] for constraining access to
data of locally-resident files and/or of imported local copies of said locally-
nonresident files in accordance with corresponding locally-resident AC-rules
and/or imported local copies of said locally-nonresident AC-rules.

27. The client machine of Claim 26 wherein said local constraining
means includes:

(b.1) a decryption unit [932] for providing intelligible access to information
of encrypted ones of said access-constrained files;

(b.2) flow-blocking switches [921,922] for blocking the flow [934] of file
data either directly to a requesting application program [93g\ or indirectly by
way of said decryption unit to the requesting application program;

(b.3) a permissions control module [925] that controls said flow-blocking
switches to thereby block all access by the requesting application program to
the requested file data, or to block intelligible access to information of
encrypted portions, if any, of the requested file data, or to grant nondecrypted
access to the data of the requested file data, or to grant intelligible access to
the encrypted portions, if any, of the requested file data;

(b.4) a local and physically-secured permission-rules storing memory
[911] that stores local AC-rules and/or copies of securely imported ones of
locally-nonresident AC-rules, where the stored AC-rules are usable for
governing the actions of the permissions control module [925].

28. The client machine of Claim 26 wherein said AC-rules can
govern the actions of the permissions control module on the basis of at least
one or more of:

(b.4a) temporally based constraints regarding the time that access is
requested to a corresponding, access-constrained file; 

(b.4b) geographically based constraints regarding the location from 
which a request is generated for access to a corresponding, access- 
constrained file; 

(b.4c) machine identification based constraints regarding the unique 
identification of the machine from which a request issued for access to a 
corresponding, access-constrained file; 

(b.4d) program identification based constraints regarding the unique 
identification [sos] of the executing program or programs whose actions led to 
a request being issued for access to a corresponding, access-constrained file; 

(b.4e) user identification based constraints regarding the unique 
identification [902a] of one or more human users [901] whose recent actions led 
to a request being issued for access to a corresponding, access-constrained 
file; and 

(b.4f) navigation-path based constraints regarding the unique way in 
which a path [902b] was navigated to point to the access-constrained file for 
which a request was issued for access to corresponding file data. 

29. The client machine of Claim 26 and further comprising:
(c) a ubiquitous navigating mechanism [919] for seamlessly pointing to
external files stored on the network or on externalizable media, as easily as for
pointing to locally stored files so that a novice user [901] can be left unaware of
what is the primary place of residence [950] of a pointed-to file.

30. The client machine of Claim 26 wherein said local constraining
means includes:

(b.1) volatile storage means [175] for temporarily storing plaintext data
derived from a selected one of the two or more digital data files; and

(b.2) volume-encryption means [174,500,550] for decrypting confidential
data portions [161b] of a selected one of said access-constrained, digital data
files and for transmitting the decrypted confidential data to the volatile storage
means [175] after local approval for such intelligible access is locally granted.

31. The client machine of Claim 26 wherein said local constraining
means includes: 

(b.1) bubble-control means [212] which intercepts file-OPEN requests
made by identifiable, requesting programs for access to data of an access-
constrained file and determines whether or not to approve access to the data
of the file based on at least one of the following, user-ID independent factors:

(b.1a) identity [905] of the requesting application program;

(b.1b) when the file-OPEN request is made;

(b.1c) location from where the file-OPEN request is made;

(b.1d) unique identity of the client machine such as serial
number; and

(b.1e) whether the request is a unidirectional, read-only or write-
only type of request.

32. The client machine of Claim 31 wherein:

(b.1f) the bubble-control means [212] posts a security alert message 
[218] to the network [30] upon denial of a file-OPEN request by the bubble- 
control means. 

33. An instructions conveying means [106,30',130] for instructing an
instructable machine to carry out an access-constraining method for files that
primarily reside either inside or outside the instructable machine, where the
instructable machine [100] has an internal, data-providing means [150,175] that
can provide data from an identified one of internal or external, plural digital data 
files [152,153,161,162] in response to interceptable file-access requests [181,182], 
where each of said files is identifiable by a file name, said machine- 
implemented, access-constraining method [202] being for protecting data 
and/or information of said files from unauthorized access by way of 
unauthorized ones of identifiable programs and/or at the behest of 
unauthorized, identifiable users, said internal/external access-constraining 
method comprising:

(a) intercepting [201] data access attempts made by access requesting
programs for data in an identified one of files residing primarily on an identified
internal, removable, or external media;

(b) first testing [202] for each intercepted data access attempt, to verify
that the identified media on which the requested file primarily resides is
currently available, and if not [203], updating local records [340] which track the
current availability of the identified media to indicate the current non-availability
of the media;

(c) second testing [205] for each intercepted data access attempt, to
determine if access constraining control information is already available
internally for the identified file;

(d) if said second testing shows that the access constraining control
information is not available in an internal and physically-secure storage area
[150,155], attempting to securely import [206] the missing, access constraining
control information from the removable, or external media of primary residence
of the identified file;

(e) if said import attempt shows that the missing, access constraining
control information is unavailable, determining [207] explicitly or implicitly if the
missing information is necessary for allowing the intercepted access-request
to complete normally [299] to provide a grant [15a] of the request, and if the
missing information is necessary, blocking [215] the intercepted access-
request from completing normally and thereby blocking the provision of said
grant [handle] in response to the intercepted access-request.

34. The instructions conveying means [106,30',130] of Claim 33 and
further wherein said step (d) of attempting to securely import [206] the missing,
access constraining control information includes at least one of:

(d.1) verifying a digital signature [206x] covering corresponding access
constraining control information that is held in said removable, or external
media of primary residence of the identified file and imported into said
instructable machine [100];

(d.2) decrypting [206] imported digital data that represents the
corresponding access constraining control information of the identified file; and

(d.3) storing a digital-signature authenticated and/or decrypted,
plaintext version of the missing, access constraining control information in said
internal and physically-secure storage area [150,158] of the instructable
machine.

35. The instructions conveying means [106,30',130] of Claim 33 and
wherein said internal/external access-constraining method further comprises: 

(f) third testing [229] for each intercepted data access attempt, to
determine if the identified file is an access constrained one which resides
primarily on removable, or external media, and if so to determine [230] whether
a localized copy [84] of the identified file is present in the instructable machine;

(g) if said third testing shows that the localized copy [84] is not present,
importing [231a] a copy of the identified file into said internal and physically- 
secure storage area [150,159] of the instructable machine. 

36. The instructions conveying means [106,30',130] of Claim 35 and
wherein said internal/external access-constraining method further comprises: 

(h) recording [231c] the time of said importing of the copy of the 
identified file so that said time of localization can be later used by garbage 
collection mechanisms of the instructable machine to remove localized copies 
that have remained localized beyond a predefined time limit. 

37. The instructions conveying means [106,30',130] of Claim 35 and
wherein said internal/external access-constraining method further comprises: 

(h) determining [233] if the just-localized file copy imported in step (g) 
is one whose primary data is encrypted; 

(i) attempting to decrypt the encrypted primary data of the just-localized 
file copy if the determining step (h) shows that such encrypted data is present; 
and 

(j) blocking [238n,255f,215] the intercepted access-request from
completing normally and thereby blocking the provision of said grant [handle]
in response to the intercepted access-request if the attempted decryption of
step (i) is unsuccessful.

38. The instructions conveying means [106,30',130] of Claim 37 and
wherein said internal/external access-constraining method further comprises: 

(k) attempting to verify [255] a digital signature [161c] covering the 
decrypted primary data [161b] of step (i); and

(l) blocking [255f,215] the intercepted access-request from completing
normally and thereby blocking the provision of said grant [handle] in response
to the intercepted access-request if the signature verification of step (k) is 
unsuccessful. 

39. The instructions conveying means [106,30',130] of Claim 37 and
wherein said internal/external access-constraining method further comprises:

(k) volume encrypting [253] the decrypted primary data [161b] of step (i)
and storing the volume encrypted data to nonvolatile storage;

wherein the decrypted primary data [161d] is kept within the instructable
machine [100] exclusively in volatile storage [175] thereof.

40. An instructions conveying means [106,30',130] for instructing an
instructable machine to carry out a nonresident file-closing method [400] for
files that primarily reside removably or outside the instructable machine, where
the instructable machine [100] has an internal, data-providing means [150,175]
that can provide data from an identified one of internal or external, plural digital
data files [152,153,161,162] in response to interceptable file-open requests [181],
where each of said files is identifiable by a file name, said machine- 
implemented, file-closing method being for protecting data and/or information 
of said nonresident files from unauthorized access by way of unauthorized ones 
of identifiable programs and/or at the behest of unauthorized, identifiable 
users, said nonresident file-closing method comprising: 

(a) intercepting [401] file-closing attempts made by access-completing 
parts of access-requesting programs, where the original access requests were 
for data in an identified one of files residing primarily on an identified internal, 
removable, or external media; 

(b) first testing [402] for each intercepted file-closing attempt, to verify 
that the identified media on which the to-be-closed file primarily resides is 
currently available, and if not [403], updating local records [340] which track the 
current availability of the identified media to indicate the current non-availability 
of the media; 

(c) second testing [405] for each intercepted file-closing attempt, to 
determine if access constraining control information is available internally for 
the identified file; 

(d) if said second testing shows that the access constraining control 
information is not available in an internal and physically-secure storage area 
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[150,158], determining [407] explicitly or implicitly if the missing, access 
constraining control information must be locally present for allowing the 
intercepted file-closing request to complete normally [499], and if the missing 
information is necessary, blocking [407y/iid] the intercepted file-closing request 
from completing normally in response to the intercepted file-closing request. 

41. The instructions conveying means [106,30',130] of Claim 40 and 
wherein said nonresident file-closing method further comprises: 

(e) third testing [412] the locally-present, access constraining control 
information for the to-be-closed file to determine if the access constraining 
rules for the identified file permit a current attempt to close the file; and 

(f) blocking [41$] the intercepted file-closing request from completing 
normally if said third testing step (e) indicates the locally-present, access 
constraining control information for the to-be-closed file do not permit a current 
attempt to close the file. 

42. The instructions conveying means [106,30',130] of Claim 41 and 
wherein said nonresident file-closing method further comprises: 

(g) determining [43$] if other local, application programs are still using 
the localized file copy, and if so, fooling [440-443] the file-closing requesting 
application program into thinking the nonresident original of the identified file 
has been closed, even though said nonresident original has not yet been 
closed. 

43. The instructions conveying means [106,30',130] of Claim 42 and 
wherein the nonresident file-closing method further comprises: 

(h) if no other local, application programs are still using the localized file 
copy, determining [438] if the localized file copy has been modified locally; and 

(i) if said determining step (h) shows that the localized file copy has not 
been modified locally [439], allowing [440] the intercepted file-closing request 
to complete normally [499], thereby causing a file-close action to occur for the 
nonresident file [74] identified in a counterpart, file-opening request. 

44. The instructions conveying means [106,30',130] of Claim 43 and 
wherein the nonresident file-closing method further comprises: 

(j) in conjunction with said step (i) of allowing the requested file-close 
action to occur for the nonresident file [74], deleting [446] the localized file copy. 

45. The instructions conveying means [106,30',130] of Claim 44 and 
wherein the nonresident file-closing method further comprises: 

(k) in conjunction with said step (i) of allowing the requested file-close 
action to occur for the nonresident file [74], determining if any other, temporarily 
localized file copies (TTL'ed files) are logically associated with the localized 
copy of the access constraining rules of the to-be-closed file, and if not, 
deleting [493] the localized copy of the access constraining rules of the 
to-be-closed file. 

46. The instructions conveying means [106,30',130] of Claim 43 and 
wherein the nonresident file-closing method further comprises: 

(j) if said determining step (h) shows that the localized file copy has 
been modified locally [448], overwriting the modified local copy to the 
nonresident, original location before allowing [440] the intercepted file-closing 
request to complete normally [499], thereby causing a file-close action to occur 
for the nonresident file [74] identified in a counterpart, file-opening request only 
after the nonresident file has been updated [447] in accordance with the 
locally-made modifications. 

47. The instructions conveying means [106,30',130] of Claim 41 and 
wherein the nonresident file-closing method further comprises: 

(e) in response to a denial of the requested file-closing, posting [418] a 
corresponding security alert message. 

48. In an automated machine [100] for executing one or more 
application programs [170], where the application programs access file data 
of a plurality of locally and externally stored files [153,161] by causing 
interceptable file-OPEN requests [181] and file-CLOSE requests [183] to be 
sent to an operating system of said machine, and where data within a subset 
of the plurality of stored files is encrypted or otherwise access constrained; an 
automatic access constraining control mechanism [$25] comprising: 

(a) OPEN intercept means [201] for intercepting said interceptable 
file-OPEN requests; 

(b) selective OPEN continuance means [202,210,212,214], responsive to 
the OPEN intercept means, for determining whether an intercepted file-OPEN 
request is requesting an open of a file for which the request is to be denied 
based on associated access constrain rules [911]; 

(c) local-use tracking means [300], responsive to the selective OPEN 
continuance means, for determining whether a localized copy of a 
to-be-opened, nonresident file, and a localized copy of nonresident access 
constraining rules associated with the to-be-opened, nonresident file, are 
already present in the machine [100], and if so, for allowing the intercepted 
file-OPEN request to continue [299] on its way to the operating system such that the 
localized file copy will be accessed if so permitted by the localized copy of 
nonresident access constraining rules; 

(d) CLOSE intercept means [401] for intercepting said interceptable 
file-CLOSE requests; and 

(e) selective CLOSE continuance means [402,407,412], responsive to the 
OPEN intercept means, for determining whether an intercepted file-CLOSE 
request is requesting a closing of a file for which the CLOSE request is to be 
denied based on associated access constrain rules [911]. 

49. The instructions conveying means [106,30',130] of Claim 41 and 
wherein said nonresident file-closing method further comprises: 

(g) determining [436] if the to-be-closed file is a special-use one such 
that, even if there are no other local, application programs still using the 
localized file copy, still fooling [440-443] the file-closing requesting application 
program into thinking the nonresident original of the identified file has been 
closed, even though said nonresident original has not yet been closed because 
it is later slated for special-use by an application program that has not yet 
started using the localized file copy. 
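
The order of tests recited in Claims 40 to 47 and 49 can be followed as a single decision function. The Python sketch below is an added illustration, not part of the patent text or of any implementation it describes; the `CloseState` record, the action names and the sample values are hypothetical, and it assumes that an unavailable media only updates the local record (step (b)) without itself ending the close attempt.

```python
from dataclasses import dataclass
from enum import Enum

class Outcome(Enum):
    BLOCK = "block"            # close request does not complete normally
    FAKE_CLOSE = "fake_close"  # requester is told "closed"; original stays open
    CLOSE = "close"            # close passes through for the nonresident file

@dataclass
class CloseState:              # hypothetical record, one per intercepted close
    media_id: str
    media_available: bool = True   # claim 40(b)
    rules_local: bool = True       # claim 40(c)
    rules_required: bool = True    # claim 40(d)
    close_permitted: bool = True   # claim 41(e)
    other_users: int = 0           # claim 42(g)
    special_use: bool = False      # claim 49(g)
    modified: bool = False         # claim 43(h)
    other_ttl_files: int = 0       # claim 45(k)

def handle_close(s, media_table):
    """Return (Outcome, ordered list of side effects) for one close attempt."""
    acts = []
    if not s.media_available:                      # 40(b): only the record changes
        media_table[s.media_id] = False
        acts.append("mark_media_unavailable")
    if not s.rules_local and s.rules_required:     # 40(d): needed rules are missing
        return Outcome.BLOCK, acts + ["post_alert"]    # alert per claim 47
    if s.rules_local and not s.close_permitted:    # 41(e)-(f): rules forbid close
        return Outcome.BLOCK, acts + ["post_alert"]
    if s.other_users > 0 or s.special_use:         # 42(g), 49(g): copy still needed
        return Outcome.FAKE_CLOSE, acts
    if s.modified:                                 # 46(j): write back, then close
        return Outcome.CLOSE, acts + ["write_back_to_original"]
    acts.append("delete_local_copy")               # 44(j): unmodified path
    if s.other_ttl_files == 0:                     # 45(k): rules copy now unused
        acts.append("delete_local_rules")
    return Outcome.CLOSE, acts

if __name__ == "__main__":
    table = {"vol1": True}                         # constructed sample input
    print(handle_close(CloseState("vol1", modified=True), table))
```

Because the write-back of claim 46(j) is ordered before the close is allowed, a local modification never outlives the nonresident original's open handle without being copied back.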



Attorney Docket No.: SYMA1 045MCF/GG 
/s/ggg/syma/1 045.001 



Ver Tue Aug 21 2001 (12PM) 



